Vulnerability Description
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Clamav | Clamav | <= 0.103.5 |
| Cisco | Secure Endpoint | < 1.16.3 |
| Fedoraproject | Fedora | 34 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://lists.debian.org/debian-lts-announce/2022/06/msg00004.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.gentoo.org/glsa/202310-01
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/06/msg00004.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.gentoo.org/glsa/202310-01
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cThird Party Advisory
FAQ
What is CVE-2022-20770?
CVE-2022-20770 is a vulnerability with a CVSS score of 8.6 (HIGH). On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (...
How severe is CVE-2022-20770?
CVE-2022-20770 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-20770?
Check the references section above for vendor advisories and patch information. Affected products include: Clamav Clamav, Cisco Secure Endpoint, Fedoraproject Fedora, Debian Debian Linux.